package com.echo.auth.core.config;

import com.echo.auth.business.service.impl.KiteUserDetailsService;
import com.echo.auth.core.properties.Oauth2SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.annotation.Resource;

/**
 * @version: V1.0
 * @author: chentailai
 * @description: 可以看到ResourceServerConfig 是比SecurityConfig 的优先级低的。
 * 二者的关系：
 * ResourceServerConfig 用于保护oauth相关的endpoints，同时主要作用于用户的登录(form login,Basic auth)
 * SecurityConfig 用于保护oauth要开放的资源，同时主要作用于client端以及token的认证(Bearer auth)
 * 所以我们让SecurityConfig优先于ResourceServerConfig，且在SecurityConfig 不拦截oauth要开放的资源，在ResourceServerConfig 中配置需要token验证的资源，也就是我们对外提供的接口。所以这里对于所有微服务的接口定义有一个要求，就是全部以/api开头。
 * 如果这里不这样配置的话，在你拿到access_token去请求各个接口时会报 invalid_token的提示。
 * @className: WebSecurityConfig
 * @packageName: com.echo.auth.core.config
 * @data: 2020/3/29 0:08
 **/
@Configuration
@EnableWebSecurity
@Order(2)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

//    @Resource
//    private Oauth2SecurityProperties oauth2SecurityProperties;

    @Value("${spring.application.name}")
    private String authServerName;

    @Resource
    private KiteUserDetailsService kiteUserDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(kiteUserDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        http.csrf().disable()
//                .authorizeRequests()
//                .antMatchers("/", "/user/**", "/oauth/**", "/actuator/**", "/v2/api-docs").permitAll()
//                .anyRequest().authenticated()
//                .and()
//                .formLogin()
//                .loginPage("/" + authServerName + "/oauth/login")
//                .loginProcessingUrl("/" + authServerName + "/oauth/form")
//                .failureUrl("/" + authServerName + "/oauth/login?error")
//                .permitAll();

        http.authorizeRequests()
                //拦截所有请求
//                //放行以下接口
                .antMatchers("/", "/user/**", "/oauth/**", "/actuator/**", "/v2/api-docs").permitAll()
                .anyRequest().authenticated()
                .and()
                //允许表单登陆
                /* .formLogin().permitAll()
                 .and()*/
                //禁用跨域请求伪造
                .csrf().disable().httpBasic();
//        http.csrf().disable()
//                .requestMatchers()
//                .anyRequest()
//                .and()
//                .authorizeRequests()
//                .antMatchers("/oauth/**","/login").permitAll()
//                .and().formLogin().permitAll();


//                .authorizeRequests()
//                .antMatchers("/actuator/","/token/","/oauth/authorize").permitAll()
//                .anyRequest().authenticated()
//                .and().formLogin().permitAll()
//                .and().csrf().disable();
    }


    /**
     * @version: V1.0
     * @author: chentailai
     * @description: 忽略静态资源
     * @className: WebSecurityConfig
     * @packageName: com.echo.auth.core.config
     * @data: 2020/3/28 16:51
     **/
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/static/**");
    }

    public static void main(String[] args) {
        System.out.println("原密码: 123123 加密后：" + new BCryptPasswordEncoder().encode("123123"));
        ;
    }
}
